DocumentCode
1597353
Title
A hybrid and hierarchical NIDS paradigm utilizing naive Bayes classifier
Author
Zhao, Qin ; Sun, Jizhou ; Zhang, Song
Author_Institution
IBM Lab Center, Tianjin Univ., Tianjin City, China
Volume
1
fYear
2004
Firstpage
145
Abstract
For some years we have recognized that, no matter what preventive security we have in the Internet community, compromises can and will occur. Accordingly, intrusion detection systems have become "must haves" for virtually all large installations. In this paper, a new detection paradigm is designed to improve the veracity and efficiency of detection systems. Our proposed hybrid and hierarchical NIDS both monitors the payload of network data in the network layer and also analyzes network-based attacks as anomalies in the application layer using statistical processing and classification. Both the advantages of signature-match and anomaly-analysis techniques are exploited in our system. A naive Bayes analysis algorithm is used in our prototype to implement and enhance the ability of our detection system. Various performance tests are conducted to evaluate our system's effectiveness and efficiency. According to the test reports, the detect rate of NIDS is improved and the negative false alarms are sharply decreased. A machine-learning function is therefore able to be added to our system.
Keywords
Bayes methods; Internet; classification; computer crime; telecommunication security; Internet; NIDS detect rate; anomaly-analysis techniques; application layer anomalies; hybrid hierarchical NIDS; machine-learning function; naive Bayes classifier; negative false alarms; network intrusion detection system; network layer data payload monitoring; network-based attacks; security compromises; signature-match techniques; statistical classification; statistical processing; Algorithm design and analysis; Availability; Cities and towns; Computer security; Internet; Intrusion detection; Payloads; Protocols; Prototypes; System testing;
fLanguage
English
Publisher
ieee
Conference_Titel
Electrical and Computer Engineering, 2004. Canadian Conference on
ISSN
0840-7789
Print_ISBN
0-7803-8253-6
Type
conf
DOI
10.1109/CCECE.2004.1344977
Filename
1344977